The link you give is just for your reply, the whole thread is:
http://groups.google.de/group/php-ids/browse_thread/thread/f689a9c8cc934867/9a59ea6557f36bd0#9a59ea6557f36bd0
I'll post there my opinion :)

BTW, you know that all through this carousel, I never had to adjust NoScript's Anti-XSS filter for catching anything new?
ATM I'm just optimizing for speed and using the extra wisdom acquired in this thread to release constraints :)
I'm between 0 and 30 millisecs for complex URLs. Have you got any benchmark for (PHP|NET)IDS?

Disclaimer & credits: original disclosure and flattering proof of concept courtesy of elio.
Warning: if you use NoScript, you'll need to allow a ton of assorted junk, including google analytics: the first ad-sponsored XSS? :D

Ronald Wrote:
-------------------------------------------------------
> This is exactly what I meant:
> http://demo.php-ids.org/?test=___%3D1%3F%27ert%281
> 23%29%27%3A0%2C_%3D1%3F%27al%27%3A0%2C__%3D1%3F%27
> ev%27%3A0%2C1%5B__%2B_%5D%28_%2B___%29
>
> This will never happen in a legitimate query and
> thereby this can be detected very quickly with all
> combinations of: ( = , ' " : ( ) [ ])
>
> I personally never saw a query like this, did
> you?

I can't see anything illegal in that query; it's all URL-encoded:
test=___%3D1%3F%27ert%28123%29%27%3A0%2C_%3D1%3F%27al%27%3A0%2C__%3D1%3F%27ev%27%3A0%2C1%5B__%2B_%5D%28_%2B___%29

BTW, if I was an admin of this board, I would obviously see a lot of legitimate HTTP requests like that, especially in the traffic related to the "So it begins" thread.
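As an added illustration of the point argued above (not code from the thread, NoScript or PHPIDS): the demo query only looks unremarkable while it is still percent-encoded. Decoding the `test` parameter and then checking for the combination of characters Ronald lists, plus the `x[...](...)` computed-call shape the payload decodes to, is enough to tell it apart from a benign value. The benign query string and the threshold of 7 distinct characters are my own constructed assumptions.

```python
import re
from urllib.parse import unquote_plus

# Constructed samples: the demo query quoted in the thread, and a benign one I made up
PAYLOAD_QUERY = ("test=___%3D1%3F%27ert%28123%29%27%3A0%2C_%3D1%3F%27al%27%3A0%2C"
                 "__%3D1%3F%27ev%27%3A0%2C1%5B__%2B_%5D%28_%2B___%29")
BENIGN_QUERY = "test=What%27s+the+price+%28in+USD%29%3F+Say%3A+10%2C50"

# The character set Ronald lists as the giveaway combination
SYNTAX_CHARS = set("=,'\":()[]")
# Computed-member call `x[...](...)`, the shape of the decoded `1[__+_](_+___)`
COMPUTED_CALL = re.compile(r"\[[^\]]*\]\s*\(")


def decode_param(query, key="test"):
    """Return the percent-decoded value of `key` from a raw query string."""
    for part in query.split("&"):
        k, _, v = part.partition("=")
        if k == key:
            return unquote_plus(v)
    return ""


def inspect_param(query, key="test", min_distinct=7):
    """Decode one parameter and score it the way Ronald describes.

    `flag` is True when the decoded value has the computed-call shape or uses
    at least `min_distinct` of the listed syntax characters (threshold assumed).
    """
    decoded = decode_param(query, key)
    distinct = SYNTAX_CHARS.intersection(decoded)
    computed_call = COMPUTED_CALL.search(decoded) is not None
    return {
        "decoded": decoded,
        "distinct_syntax_chars": len(distinct),
        "computed_call": computed_call,
        "flag": computed_call or len(distinct) >= min_distinct,
    }


if __name__ == "__main__":
    for q in (PAYLOAD_QUERY, BENIGN_QUERY):
        r = inspect_param(q)
        print(f"flag={r['flag']!s:5} chars={r['distinct_syntax_chars']} {r['decoded']}")
```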